NEAS[.]f9366677dd0937daab9de75d98391ab0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.f9366677dd0937daab9de75d98391ab0.exe
Size

52KB
MD5

f9366677dd0937daab9de75d98391ab0
SHA1

1318b459054c50ce88abb7084a524bdd57e15e80
SHA256

6b6f90930e8d2f3c817d9ee7012df6f0b08dc1743e68c9c576ba1767e4b61dbd
SHA512

bd22587a115f9970d5eb5c33cd4ff189e331dbf38c38f511609b4e5028c5ace6311507dd12451793805685fdd626cc25e66bdda954069f1e0aa80556f9cb2f5f
SSDEEP

768:u4syRls4Y5U23mu1kU5wH8k4b17cCqWbD1zjsS+cyseZKnemEYcMqtaTFMuNmd8i:rsyRlsjrmuyUmH8VaSnsjZbmcsNTba

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.f9366677dd0937daab9de75d98391ab0.exe

Files

NEAS.f9366677dd0937daab9de75d98391ab0.exe
.dll windows:4 windows x86 arch:x86

c599de38e1006ab3863be4505fce489c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libgcc_s_sjlj-1

__udivdi3
__umoddi3

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__dllonexit
__mb_cur_max
_amsg_exit
_errno
_initterm
_iob
_lock
_onexit
_unlock
calloc
fputc
free
getenv
localeconv
malloc
memcpy
setlocale
strchr
strerror
strlen
strncmp
abort
atoi
wcslen

libglib-2.0-0

g_assertion_message_expr
g_intern_static_string
g_log
g_once_init_enter
g_once_init_leave

libgobject-2.0-0

g_enum_register_static
g_object_class_install_property
g_object_unref
g_param_spec_boolean
g_param_spec_enum
g_param_spec_float
g_param_spec_int
g_type_check_class_cast
g_type_check_instance_cast
g_type_class_adjust_private_offset
g_type_class_peek_parent
g_type_name
g_type_register_static_simple
g_value_get_boolean
g_value_get_enum
g_value_get_float
g_value_get_int
g_value_set_boolean
g_value_set_enum
g_value_set_float
g_value_set_int

libgstaudio-1.0-0

gst_audio_encoder_finish_frame
gst_audio_encoder_get_type
gst_audio_encoder_merge_tags
gst_audio_encoder_set_latency
gst_audio_encoder_set_output_format

libgstbase-1.0-0

gst_adapter_available
gst_adapter_clear
gst_adapter_map
gst_adapter_new
gst_adapter_push
gst_adapter_take_buffer
gst_adapter_unmap

libgstreamer-1.0-0

_gst_debug_category_new
_gst_debug_min
_gst_debug_register_funcptr
_gst_element_error_printf
gst_buffer_map
gst_buffer_new_allocate
gst_buffer_resize
gst_buffer_unmap
gst_caps_get_structure
gst_caps_new_simple
gst_debug_log
gst_element_class_add_pad_template
gst_element_class_set_static_metadata
gst_element_get_type
gst_element_message_full
gst_element_register
gst_library_error_quark
gst_mini_object_unref
gst_pad_get_allowed_caps
gst_static_pad_template_get
gst_stream_error_quark
gst_structure_get_int
gst_tag_list_add
gst_tag_list_new_empty
gst_util_uint64_scale_int

libintl-8

libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_dgettext

libmp3lame-0

InterlockedCompareExchange@12
lame_close
lame_encode_buffer
lame_encode_buffer_interleaved
lame_encode_flush
lame_get_framesize
lame_get_out_samplerate
lame_get_version
lame_init
lame_init_params
lame_set_VBR
lame_set_VBR_mean_bitrate_kbps
lame_set_VBR_quality
lame_set_bWriteVbrTag
lame_set_brate
lame_set_in_samplerate
lame_set_mode
lame_set_num_channels
lame_set_out_samplerate
lame_set_quality

Exports

Exports

gst_plugin_desc

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 81B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c599de38e1006ab3863be4505fce489c

Headers

File Characteristics

Imports

libgcc_s_sjlj-1

kernel32

msvcrt

libglib-2.0-0

libgobject-2.0-0

libgstaudio-1.0-0

libgstbase-1.0-0

libgstreamer-1.0-0

libintl-8

libmp3lame-0

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 260B

.rdata Size: 8KB - Virtual size: 7KB

.bss Size: - Virtual size: 3KB

.edata Size: 512B - Virtual size: 81B

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 34KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 260B

.rdata
Size: 8KB - Virtual size: 7KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 81B

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 2KB - Virtual size: 1KB